diff options
Diffstat (limited to 'backend/node_modules/bcryptjs/src/bcrypt/prng')
3 files changed, 278 insertions, 0 deletions
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md b/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md new file mode 100644 index 0000000..e6c2c68 --- /dev/null +++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md @@ -0,0 +1,5 @@ +Because of [reasonable security doubts](https://github.com/dcodeIO/bcrypt.js/issues/16), these files, which used to be
+a part of bcrypt-isaac.js, are no longer used but are kept here for reference only.
+
+What is required instead is a proper way to collect entropy sources (using an intermediate stream cipher) which is then
+used to seed the CSPRNG. Pick one and use `bcrypt.setRandomFallback` instead.
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js b/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js new file mode 100644 index 0000000..025d5c8 --- /dev/null +++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js @@ -0,0 +1,133 @@ +/* basic entropy accumulator */
+var accum = (function() {
+
+ var pool, // randomness pool
+ time, // start timestamp
+ last; // last step timestamp
+
+ /* initialize with default pool */
+ function init() {
+ pool = [];
+ time = new Date().getTime();
+ last = time;
+ // use Math.random
+ pool.push((Math.random() * 0xffffffff)|0);
+ // use current time
+ pool.push(time|0);
+ }
+
+ /* perform one step */
+ function step() {
+ if (!to)
+ return;
+ if (pool.length >= 255) { // stop at 255 values (1 more is added on fetch)
+ stop();
+ return;
+ }
+ var now = new Date().getTime();
+ // use actual time difference
+ pool.push(now-last);
+ // always compute, occasionally use Math.random
+ var rnd = (Math.random() * 0xffffffff)|0;
+ if (now % 2)
+ pool[pool.length-1] += rnd;
+ last = now;
+ to = setTimeout(step, 100+Math.random()*512); // use hypothetical time difference
+ }
+
+ var to = null;
+
+ /* starts accumulating */
+ function start() {
+ if (to) return;
+ to = setTimeout(step, 100+Math.random()*512);
+ if (console.log)
+ console.log("bcrypt-isaac: collecting entropy...");
+ // install collectors
+ if (typeof window !== 'undefined' && window && window.addEventListener)
+ window.addEventListener("load", loadCollector, false),
+ window.addEventListener("mousemove", mouseCollector, false),
+ window.addEventListener("touchmove", touchCollector, false);
+ else if (typeof document !== 'undefined' && document && document.attachEvent)
+ document.attachEvent("onload", loadCollector),
+ document.attachEvent("onmousemove", mouseCollector);
+ }
+
+ /* stops accumulating */
+ function stop() {
+ if (!to) return;
+ clearTimeout(to); to = null;
+ // uninstall collectors
+ if (typeof window !== 'undefined' && window && window.removeEventListener)
+ window.removeEventListener("load", loadCollector, false),
+ window.removeEventListener("mousemove", mouseCollector, false),
+ window.removeEventListener("touchmove", touchCollector, false);
+ else if (typeof document !== 'undefined' && document && document.detachEvent)
+ document.detachEvent("onload", loadCollector),
+ document.detachEvent("onmousemove", mouseCollector);
+ }
+
+ /* fetches the randomness pool */
+ function fetch() {
+ // add overall time difference
+ pool.push((new Date().getTime()-time)|0);
+ var res = pool;
+ init();
+ if (console.log)
+ console.log("bcrypt-isaac: using "+res.length+"/256 samples of entropy");
+ // console.log(res);
+ return res;
+ }
+
+ /* adds the current time to the top of the pool */
+ function addTime() {
+ pool[pool.length-1] += new Date().getTime() - time;
+ }
+
+ /* page load collector */
+ function loadCollector() {
+ if (!to || pool.length >= 255)
+ return;
+ pool.push(0);
+ addTime();
+ }
+
+ /* mouse events collector */
+ function mouseCollector(ev) {
+ if (!to || pool.length >= 255)
+ return;
+ try {
+ var x = ev.x || ev.clientX || ev.offsetX || 0,
+ y = ev.y || ev.clientY || ev.offsetY || 0;
+ if (x != 0 || y != 0)
+ pool[pool.length-1] += ((x-mouseCollector.last[0]) ^ (y-mouseCollector.last[1])),
+ addTime(),
+ mouseCollector.last = [x,y];
+ } catch (e) {}
+ }
+ mouseCollector.last = [0,0];
+
+ /* touch events collector */
+ function touchCollector(ev) {
+ if (!to || pool.length >= 255)
+ return;
+ try {
+ var touch = ev.touches[0] || ev.changedTouches[0];
+ var x = touch.pageX || touch.clientX || 0,
+ y = touch.pageY || touch.clientY || 0;
+ if (x != 0 || y != 0)
+ pool[pool.length-1] += (x-touchCollector.last[0]) ^ (y-touchCollector.last[1]),
+ addTime(),
+ touchCollector.last = [x,y];
+ } catch (e) {}
+ }
+ touchCollector.last = [0,0];
+
+ init();
+ return {
+ "start": start,
+ "stop": stop,
+ "fetch": fetch
+ }
+
+})();
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js b/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js new file mode 100644 index 0000000..e4ce30f --- /dev/null +++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js @@ -0,0 +1,140 @@ +/*
+ isaac.js Copyright (c) 2012 Yves-Marie K. Rinquin
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/* isaac module pattern */
+var isaac = (function(){
+
+ /* internal states */
+ var m = Array(256), // internal memory
+ acc = 0, // accumulator
+ brs = 0, // last result
+ cnt = 0, // counter
+ r = Array(256), // result array
+ gnt = 0, // generation counter
+ isd = false; // initially seeded
+
+
+ /* 32-bit integer safe adder */
+ function add(x, y) {
+ var lsb = (x & 0xffff) + (y & 0xffff),
+ msb = (x >>> 16) + (y >>> 16) + (lsb >>> 16);
+ return (msb << 16) | (lsb & 0xffff);
+ }
+
+ /* initialisation */
+ function reset() {
+ acc = brs = cnt = 0;
+ for (var i = 0; i < 256; ++i)
+ m[i] = r[i] = 0;
+ gnt = 0;
+ }
+
+ /* seeding function */
+ function seed(s) {
+ var a, b, c, d, e, f, g, h, i;
+
+ /* seeding the seeds of love */
+ a = b = c = d = e = f = g = h = 0x9e3779b9; /* the golden ratio */
+
+ if (s && typeof(s) === 'number')
+ s = [s];
+
+ if (s instanceof Array) {
+ reset();
+ for (i = 0; i < s.length; ++i)
+ r[i & 0xff] += typeof(s[i]) === 'number' ? s[i] : 0;
+ }
+
+ /* private: seed mixer */
+ function seed_mix() {
+ a ^= b << 11; d = add(d, a); b = add(b, c);
+ b ^= c >>> 2; e = add(e, b); c = add(c, d);
+ c ^= d << 8; f = add(f, c); d = add(d, e);
+ d ^= e >>> 16; g = add(g, d); e = add(e, f);
+ e ^= f << 10; h = add(h, e); f = add(f, g);
+ f ^= g >>> 4; a = add(a, f); g = add(g, h);
+ g ^= h << 8; b = add(b, g); h = add(h, a);
+ h ^= a >>> 9; c = add(c, h); a = add(a, b);
+ }
+
+ for (i = 0; i < 4; i++) /* scramble it */
+ seed_mix();
+
+ for (i = 0; i < 256; i += 8) {
+ if (s) /* use all the information in the seed */
+ a = add(a, r[i + 0]), b = add(b, r[i + 1]),
+ c = add(c, r[i + 2]), d = add(d, r[i + 3]),
+ e = add(e, r[i + 4]), f = add(f, r[i + 5]),
+ g = add(g, r[i + 6]), h = add(h, r[i + 7]);
+ seed_mix();
+ /* fill in m[] with messy stuff */
+ m[i + 0] = a; m[i + 1] = b; m[i + 2] = c; m[i + 3] = d;
+ m[i + 4] = e; m[i + 5] = f; m[i + 6] = g; m[i + 7] = h;
+ }
+ if (s)
+ /* do a second pass to make all of the seed affect all of m[] */
+ for (i = 0; i < 256; i += 8)
+ a = add(a, m[i + 0]), b = add(b, m[i + 1]),
+ c = add(c, m[i + 2]), d = add(d, m[i + 3]),
+ e = add(e, m[i + 4]), f = add(f, m[i + 5]),
+ g = add(g, m[i + 6]), h = add(h, m[i + 7]),
+ seed_mix(),
+ /* fill in m[] with messy stuff (again) */
+ m[i + 0] = a, m[i + 1] = b, m[i + 2] = c, m[i + 3] = d,
+ m[i + 4] = e, m[i + 5] = f, m[i + 6] = g, m[i + 7] = h;
+ prng(); /* fill in the first set of results */
+ gnt = 256; /* prepare to use the first set of results */;
+ }
+
+ /* isaac generator, n = number of run */
+ function prng(n) {
+ var i, x, y;
+ n = n && typeof(n) === 'number' ? Math.abs(Math.floor(n)) : 1;
+ while (n--) {
+ cnt = add(cnt, 1);
+ brs = add(brs, cnt);
+ for(i = 0; i < 256; i++) {
+ switch(i & 3) {
+ case 0: acc ^= acc << 13; break;
+ case 1: acc ^= acc >>> 6; break;
+ case 2: acc ^= acc << 2; break;
+ case 3: acc ^= acc >>> 16; break;
+ }
+ acc = add(m[(i + 128) & 0xff], acc); x = m[i];
+ m[i] = y = add(m[(x >>> 2) & 0xff], add(acc, brs));
+ r[i] = brs = add(m[(y >>> 10) & 0xff], x);
+ }
+ }
+ }
+
+ /* return a random number between */
+ return function() {
+ if (!isd) // seed from accumulator
+ isd = true,
+ accum.stop(),
+ seed(accum.fetch());
+ if (!gnt--)
+ prng(), gnt = 255;
+ return r[gnt];
+ };
+})();
|